Vitalik Buterin Emphasizes Importance of Varied Guardians for Crypto Wallet Safety

In a post on Reddit’s r/ethereum community on March 16th, Ethereum co-founder Vitalik Buterin shared his approach to wallet security and emphasized the importance of having a varied set of guardians to ensure maximum safety for crypto assets held in self-custody through multisig and social recovery wallets. With an increasing number of crypto scams and hacks in recent years, and several major crypto firms going bust in 2022, self-custody and maintaining sufficient wallet safety procedures have become more critical than ever.

Multisig and social recovery wallets rely on guardians, which are external sources that can recover funds or approve transactions. Buterin noted that while the structures of these wallets differ, the guardians they rely on should be decentralized, meaning that they should be controlled by other people to minimize the concentration of power and risk of hacking, coercion, incapacitation, or death. Buterin advised that enough guardians should be controlled by other people, so if the wallet owner disappears, there are still enough other guardians left to recover their funds.

Furthermore, Buterin suggested that someone’s set of guardians should not know each other, as this reduces the risk of collusion to attack their wallets and assets. However, they should still be able to find each other in case something happens to the wallet owner. Buterin also recommended that guardians ask a security question that only they and the owner know when confirming an operation, which should only be confirmed when the correct answer is given.

For degen traders or those not making long-term hodl plays, Buterin stressed the need to use guardians that can respond quickly to suit their fast-moving needs. In such cases, guardians should be able to act quickly on short notice to pull money out if a contract becomes vulnerable, move money around if they are close to being liquidated, etc.

Finally, Buterin recommended testing each guardian at least once a year, as this will confirm that they haven’t forgotten or lost their accounts. With the increasing rate of crypto scams and hacks in recent years, maintaining sufficient wallet safety procedures has become more important than ever, and following Buterin’s advice on choosing guardians for multisig and social recovery wallets can help maximize the safety of crypto assets held in self-custody.


Tagged : / / / / /

Safeheron Discovers Security Flaw in MPC Wallets

MPC wallets are becoming more popular among financial institutions and developers of Web3 apps as a means of securing cryptocurrency assets. This trend may be attributed to the growing concern about the security of cryptocurrency holdings. These wallets are able to perform their intended functions as a result of the production of pieces of a private key that are owned by a number of different signers. In order for a transaction to take place, each fragment must have a certain amount of signatures in order for them to be considered genuine. In contrast to conventional multisig wallets, MPC wallets do not need the addition of any particular smart contracts to the blockchain in order to function properly. Moreover, MPC wallets are able to be blockchain-agnostic, which results in lower gas rates. This is a significant advantage.

Despite the fact that MPC wallets are generally considered to be more secure than single signature wallets, Safeheron discovered a security flaw in MPC wallets when they were used with Starknet-based applications. This flaw was discovered despite the fact that MPC wallets are compatible with Starknet. Some programs have the capability of obtaining a stark key signature and/or an api key signature, which enables them to sidestep the precautions that are imposed on the private keys that are held in MPC wallets. It’s possible that this will lead to illegal operations, such as the placement of orders, the completion of layer 2 transfers, or the cancellation of orders.

The exposure of this security flaw highlights how critical it is for the bitcoin community to continually test and enhance its security procedures. [Citation needed] [Citation needed] Since more and more financial institutions and Web3 app developers rely on MPC wallets to keep their funds secure, it is very essential that any flaws be discovered and repaired in order to prevent any security breaches. This is due to the fact that such vulnerabilities might lead to breaches in security. The exposure of Safeheron ought to serve as a lesson for anybody who uses cryptocurrencies, encouraging them to be vigilant and to put a priority on security in the transactions that they conduct.


Tagged : / / / / /

How Bitcoin’s Taproot Upgrade Will Improve Technology Across Bitcoin’s Software Stack

Bitcoin’s Taproot upgrade is (basically) a shoe-in as Bitcoin stakeholders figure out the best way to bring it online. 

Digital signatures are created from the private keys that control bitcoin wallets and are required to approve transactions. Taproot addresses will use Schnorr signatures, rather than Bitcoin’s current signature algorithm, the elliptic curve digital signature algorithm, or ECDSA for short. 

In terms of data and processing, Schnorr signatures are smaller and faster than ECDSA signatures and also have the added benefit of being “linear,” which means Schnorr-based smart contracts can be optimized for functions that ECDSA signatures cannot.

These differences have made Taproot a highly anticipated upgrade because it will give Bitcoin a boost to transaction privacy and allow for more lightweight and complex “smart contracts” (an encoded contract with self-executing rules).

The tooling and coding improvements Taproot brings will be largely under the hood and will be a boon to developers. Regular Bitcoin users, however, will also benefit from usability, performance, and privacy improvements to multisignature (multisig) technology, privacy software and even scaling tech like the Lightning Network.

Without Taproot, applying the following upgrades to these softwares would either not be possible or not be as viable.

MuSig2: Boosting privacy and efficiency of multisig transactions

Bitcoin development hub Blockstream is developing a new multisig software, MuSig2, which will make multisig transactions more efficient, cheaper and more private.

Unlike usual Bitcoin wallets, which only require a single signature from a private key, multisig wallets require at least two or more signatures from different private keys to approve a transaction. The idea is to distribute the risk of a wallet among multiple keys and, if needed, multiple parties.

Under the current design with ECDSA contracts, multisig transactions record the signature of each multisig participant individually. Schnorr signatures would allow each signature to be recorded as one signature on the blockchain, making the transactions more lightweight in data, and thus cheaper.

“[Taproot] benefits multisig wallets such as Blockstream Green because using MuSig2 is cheaper and more private than current multisig setups,” Blockstream developer Jonas Nick told CoinDesk. 

The Bitcoin upgrade will also raise the limit on signers a multisig wallet allows from 15 to a “much higher number,” said Bitcoin developer Chris Belcher.

Schnorr-signature based transactions are more private because, thanks to so-called scriptless scripts, all Taproot transactions have the same digital footprint. That means a single signature transaction and a multisig transaction look the same on the blockchain under Taproot’s rules.

This privacy improvement spills over into other areas of Bitcoin’s development, too.

“MuSig2 also improves efficiency of multi-party contracts such as Lightning Channels, CoinSwaps or discrete log contracts, and improves the privacy of routing in the Lightning Network by enabling ‘scriptless scripts.’ This also means that the anonymity set of regular transactions would become larger because, for a blockchain observer, it could just as well be part of a multi-party contract or multisig wallet,” Nick said.

CoinSwap: Disguising mixed coin transactions

All of the softwares Nick referenced rely on multisig wallets to bind market participants in cryptographically reinforced rules of engagement called smart contracts.

One of these, the privacy protocol CoinSwap, is widely considered to be the best successor to CoinJoin, currently the most popular software for “mixing” bitcoins to obscure their transaction history. 

One shortcoming of CoinSwap’s precursors including CoinJoin is such transactions show up as distinctly different from normal ones. This makes it easier for blockchain analysis to pinpoint CoinJoins on-chain, thwarting any privacy benefits. 

According to Belcher, Bitcoin’s Taproot upgrade will fix this problem.

“A good benefit of Taproot is also that it allows scriptless scripts. As you may know, protocols like Lightning Network and CoinSwap depend on so-called hash time locked contracts. Currently these contracts are visible on the blockchain. The thing that scriptless scripts allows is for those contracts to also look exactly the same as a Taproot single-sig transaction.”

Point Time Lock Contracts: Making Lightning More Private

As Belcher points out, Bitcoin’s Lightning Network uses hash time locked contracts (HTLCs) to facilitate transactions. But Schnorr Signatures would pave the way for point time lock contracts (PTLCs), an improvement on HTLCs that allow for more private and efficient smart contracts for Lightning.

The privacy gain comes from a modification to how Lightning Network nodes “route” transactions. Lightning transactions must be sent directly and peer-to-peer on what are called “payment channels.” Otherwise, lacking this direct connection, payments must be routed through peers to which both the sender and receiver are connected.

Lightning Network nodes route transactions by passing on a hash of the payment to each node on that payment’s path. PTLCs alter this hash by adding random info at each hop to make the payment less traceable to any party conducting blockchain surveillance. 

Additionally, PTLCs will enable more complex smart contract logic to facilitate unprecedented blockchain escrow conditions and to improve oracles. (Since a blockchain can’t process data outside of its network, an oracle feeds this data to it.)

“Technically, [PTLCs] could be done today with ECDSA but it doesn’t have the same proven security, and if it was implemented it would have to be redone once we get Taproot,” Ben Carman, a developer at Suredbits, told CoinDesk.

Other Taproot improvements

Carman and his colleagues at Suredbits have been working on discrete log contracts (DLCs), a fairly new smart contract logic for Bitcoin that, while working today, will be more flexible and easier to use when Bitcoin’s Taproot upgrade kicks in.

Belcher told CoinDesk that Schnorr signatures will also enable “batched validation” wherein a Bitcoin full node could “validate 1,000 Taproot signatures in nearly the same time it takes to validate one [ECDSA] signature.” This scaling solution would significantly speed the time it takes a node to verify all signatures in a block.

Additionally, Taproot could use “ring signatures” to give users the ability to prove they own certain coins without having to reveal the public key associated with those coins.

“That means someone could prove that they own a certain coin without revealing which exact coin. For example, it would be possible to prove you own at least 1 BTC (or any amount) by doing a ring signature over all the Taproot [unspent transactions] worth more than 1 BTC, and yet it doesn’t actually reveal which is yours,” Belcher said.

This has implications particularly for Lightning Network node operators who want to prove payment channel ownership without sacrificing privacy.



Tagged : / / / / / / / /
Bitcoin (BTC) $ 26,913.21 0.13%
Ethereum (ETH) $ 1,665.63 0.93%
Litecoin (LTC) $ 66.29 2.51%
Bitcoin Cash (BCH) $ 233.52 1.59%